* Authenticated Boot and Disk Encryption
@ 2021-10-05 6:50 Reza Housseini
2021-10-21 19:28 ` Ludovic Courtès
0 siblings, 1 reply; 2+ messages in thread
From: Reza Housseini @ 2021-10-05 6:50 UTC (permalink / raw)
To: guix-devel
[-- Attachment #1: Type: text/plain, Size: 430 bytes --]
Hello Guix!
I came across this blog post
<https://0pointer.net/blog/authenticated-boot-and-disk-encryption-on-linux.html>
and was wondering what is the state of authenticated boot and encryption in
Guix System?
I have this vision where you define such things in your system guile script
and everything gets configured appropriately, or at least the default setup
is as secure as possible.
Thanks for any insights.
Cheers, Reza
[-- Attachment #2: Type: text/html, Size: 561 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Authenticated Boot and Disk Encryption
2021-10-05 6:50 Authenticated Boot and Disk Encryption Reza Housseini
@ 2021-10-21 19:28 ` Ludovic Courtès
0 siblings, 0 replies; 2+ messages in thread
From: Ludovic Courtès @ 2021-10-21 19:28 UTC (permalink / raw)
To: Reza Housseini; +Cc: guix-devel
Hi Reza,
Reza Housseini <reza.housseini@gmail.com> skribis:
> I came across this blog post
> <https://0pointer.net/blog/authenticated-boot-and-disk-encryption-on-linux.html>
> and was wondering what is the state of authenticated boot and encryption in
> Guix System?
Nothing’s been done wrt. to “authenticated boot” AFAIK (I have
reservations about the concept).
Full disk encryption works but it’s done like in other distros, as
described in the article. One big failure IMO is the fact that
nothing’s done upon suspend (when closing the laptop lid). I believe
systemd-homed addresses that properly.
There’s a lot in this article, I’d suggest identifying specific bits to
see whether/how we can implement them in Guix!
Thanks,
Ludo’.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-10-21 19:29 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-10-05 6:50 Authenticated Boot and Disk Encryption Reza Housseini
2021-10-21 19:28 ` Ludovic Courtès
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).